
Mortimer.CA writes "In a weblog posting, Jason Livingood, Executive Director of Comcast's Internet Systems has stated that they're beginning public trials of IPv6; Comcast hopes 'that these trials will encourage other stakeholders to make plans to continue, or to begin, work on IPv6 in 2010 so that all stakeholders do their part in ensuring the future of the Internet is as bright and innovative as it has been in the past.' Interested guinea pigs can volunteer at Comcast6.net (FAQ). Those who have IPv6 connectivity via other means can check out their IPv6-only web presence."

This is through an Apple airport base station via whatever tunnel provider it uses for its IPv6 support. No manual setup, just click the buttons to turn IPv6 on and to block incoming connections.

The 2002 prefix on your ipv6 address says you're using 6to4 address translation/tunneling. The ipv4 address at the time was 17.89.68.239. I'm not sure if it's your computer doing the 6to4 tunneling or your airport. I'm thinking it's the computer as it's using the 2002 address as opposed to the router doing it all in the background.

I'm not sure if it's your computer doing the 6to4 tunneling or your airport. I'm thinking it's the computer as it's using the 2002 address as opposed to the router doing it all in the background.

The tunnel is established by the airport; I'm not running any 6to4 stuff on the LAN computers (Macbook, couple of Linux boxes, and an OpenBSD instance running in a KVM virtual machine). They just auto-configure themselves on the /64 announced by the router. The LAN computers can 'ping6' each other as well as external sites like ipv6.google.com.

I can see it on my ipv6 connection, it's on 2001:558:1002:5:68:87:64:59 and seems to work :)
For those in the UK wanting an ADSL ISP with ipv6 support I recommend Andrews & Arnold (http://www.aaisp.net.uk/) who have been doing this for years now and provide native or tunneled ipv6 and full ipv6 static addresses to their customers on request.
Just a happy customer of theirs :)

I'm capped too during daytime, and I always get the speed I paid for (sometimes more!), but what they call a "heavy business owner" (10GB/month), I call having to "stretch". And 50/month? I know here in Portugal we get paid less, but that seems expensive. For 60/month I can get 60Mbps down, 3Mbps up, plus digital cable TV and free calls to landline numbers.

Almost all ISPs in the UK have some limits on usage, either they are honest about it like this ISP or they have fair use limits, or throttle speeds or some protocols, or they get congestion at peak times and slow down. Or they are heavily subsidising heavy users from their light users and hoping that overall use doesn't increase or they'll be badly caught out. I've just taken a look at AAISP's prices and they don't seem quite as insane as they used to be but they are still very high if you have any significant

Hard, but doable. An ISP can "protect the security of its network" by requiring the customer to run a "dialer" or "supplicant" [wikipedia.org] before the ISP will route the customer's packets outside the quarantine. The ostensible purpose of network access control methods [wikipedia.org] is to make sure that the operating system and antivirus signatures on customer equipment are updated and that the botnet-of-the-week isn't running. But the side effect of Trusted Network Connect [wikipedia.org] deployment is that connecting to a home-class Internet requi

It's pretty hard to stop someone from using a NAT. Comcast can't really tell the difference between a NAT and a single machine without deep packet inspection.

At which point you just sue them for invasion of privacy, not that you'll get anywhere but it's a neat idea.

The other side to that is that your IPv6 router can deal with helping IPv4 devices communicate over the IPv6 backbone as long as the backbone does the proper bridging (according to the protocol) back to IPv4, which they'd surely have to if they do

But there is. For one thing the TTL will be one lower than "usual". You can hide that, but there are lots of other ways to detect it.

The TTL will be decremented because the packet passes through a router which is performing the NAT (Linksys, Netgear, whatever). By blocking hosts based upon TTL inspection wouldn't they preclude anyone using a home router, or more importantly, having wireless access?

What I am failing to understand is this: Why would they want to block NATting? What benefit does this buy the ISP? Are we talking about the ability to force customers to pay an extra fee for each connected device as they do with cable boxes? I don't see that flying with anyone who has non-computer devices, such as DVRs and game systems.

No, that is not allowed (well the police won't stop them, but it's definitely not best practice). Best practice was originally a /48, but now ISPs are allowed to cut all the way down to a /56 if they feel a /48 is too much.

You shouldn't put hosts in anything but a /64, and some don't think there should exist non-/64 unicast networks at all. Personally I believe that at least /128 should be allowed.

Let's say your ISP has a /32. The ISP uses a /64 for every point-to-point link between their router and your home router, and you have a /64 within your own home. Additionally, you have a second /64 reserved for you to make VoIP easier. Then, your ISP can clearly only have 1.1 billion customers.

I realise the above is a bit silly, but seriously, there are enough /64s for everyone. There is no need for a /128, no need for a /126, no need for anything but a /64.

I realise the above is a bit silly, but seriously, there are enough /64s for everyone. There is no need for a /128, no need for a /126, no need for anything but a /64.

The trouble is the ipv6 autoconfiguration mechanisms were designed around giving each subnet a /64 so if you only have a /64 you either have to limit yourself to one subnet (e.g. no separate subnet for a segregated wifi network) or configure all your machines manually (and in the case of XP configure them from the command line!)

No, that is not allowed (well the police won't stop them, but it's definitely not best practice). Best practice was originally a /48, but now ISPs are allowed to cut all the way down to a /56 if they feel a /48 is too much.

You shouldn't put hosts in anything but a /64, and some don't think there should exist non-/64 unicast networks at all. Personally I believe that at least /128 should be allowed.

The first 64-bits are the "network" portion of the address, and the second 64-bit chunk is the interface portion (i.e. the ipv6 version of your mac address). I'm ignoring multicast for the present. For normal unicast, you can't subnet smaller than a /64. If your ISP is following the standard, they can't give you bigger than a /48 for your site.

It's also a bit of a myth that ipv6 allows for 2^128 addresses. That's not really true given the first several bits define the address type, not all of the TLAs have

The first 64-bits are the "network" portion of the address, and the second 64-bit chunk is the interface portion (i.e. the ipv6 version of your mac address). I'm ignoring multicast for the present. For normal unicast, you can't subnet smaller than a /64.

It may not be allowed, but it is widely deployed. Not with hosts in those subnets, but it is fairly popular with router-only subnets.

If your ISP is following the standard, they can't give you bigger than a /48 for your site.

If you can demonstrate need, you can get up to a /32 even as a non-ISP. Obviously demonstrating the need for such a large allocation is a bit theoretical.

Yes, I know the IPv6 address space is galactically huge, but what exactly good purpose is served by giving each customer 1.8*10^19 addresses? Seems a bit excessive, doesn't it? Wouldn't most customers be fine with 16 bits of host/subnet (obviously, there might be som), and the rest of them shouldn't conceivably need more than 32 bits of their own address space? (And if someone needs/wants more than 32-bits of addressing assigned to them, then, sure, by all means, give them 48 bits). But why, 'by default', g

The idea is to keep it simple, assign a standard network size that's big enough for just about anyone and assign the same size network to everyone instead of messing around with the IPv4-style "You get _one_ IP, you over there get a /28, and that guy in the corner gets a /24, Joe was an early adopter so he's got a /16 and Steve over there had some good arguments for why he should get a /20, and lucky Dan over there has a /8..." mess.

You know, 4 million years from now people are going to be thinking "God damnit, why were they so wasteful with ipv6 address space? I didn't need a /56, all I needed was a /64! If they would've allocated the more efficient subnets we wouldn't have to be worrying about IP address exhaustion within the next 10 million years." :-(

As the website explains, one of Comcast's 3 transition strategies is based on DS-Lite, which essentially means a big provider-based NAT that allows IPv4 only devices such as games consoles to connect via a new IPv4/IPv6 home router (dual stack) over v6 infrastructure to an end server that is v4 based.

I've been waiting for Mediacom to roll out some DOCSIS 3 / IPv6 forever. This little town I happen to be in has excellent infrastructure and is physically capable of running it -- unlike most cities. This town is dependent only on major hardware upgrades, not cable plant upgrades.

The main page mentions tunneling IPv4 over what it calls "Dual-Stack Lite technology (aka DS-Lite)". But Comcast must not have been aware of Nintendo's prior use of "DS Lite" for a handheld video game system with Wi-Fi support. Do Nintendo video game consoles even support IPv6?

ipv6.google.com [google.com] is IPv6 only, and if you can reach it, you are IPv6 enabled.

We actually used this for the IPv6 test in Netalyzr [berkeley.edu] as the basis of the IPv6 connectivity test. Our servers don't have IPv6, but we have a small amount of javascript on the analysis page that tries to fetch the logo from IPv6.google.com and reports success or failure back to the server.

Ok. So it's only ipv6 if your DNS provider doesn't return IPv4 records for it... It's still not a good test for IPv6 connectivity. A better test for IPv6 connectivity would be, you know, sending an IPv6 packet and seeing if it gets through.

Ok. So it's only ipv6 if your DNS provider doesn't return IPv4 records for it... It's still not a good test for IPv6 connectivity.

Yes it is. A good DNS provider won't return records when there are none. OpenDNS earns money from ad placement on their bad hostname page, so when there isn't a valid record to a hostname, they return a server of their own. An honest DNS provider is a great test for IPv6 connectivity, though.

You got trapped by OpenDNS. OpenDNS is VERY aggressive at wildcarding network failures:

132.219.67.208.in-addr.arpa. 18794 IN PTR hit-nxdomain.opendns.com.

So even though there is a valid name for ipv6.google.com (the Google DNS servers return a valid reply with a 0-size answer for an A query, and the whole data for an AAA query), OpenDNS instead goes "hey, let's wildcard it and return our server!"

Ok.... but without IPv6 connectivity (I turned it off), I type ipv6.google.com in my browser address bar, my DNS lies to me, and my browser magically gets (over IPv4) the google homepage. Using ipv6.google.com in a browser as a test for whether your ipv6 connectivity is working is not a good test. I guess if you're testing specifically for the ability to fetch the bouncy logo from that address, that's one thing -- assuming that bouncy logo isn't available at the ipv4 site that opendns is magically making it look like I'm going to, or redirecting me to, or whatever it's doing (no time right now to sniff traffic and see). But the statement:

ipv6.google.com [google.com] is IPv6 only, and if you can reach it, you are IPv6 enabled.

makes assumptions about your network and its services (like DNS) which are not guaranteed to be true.

Right. That is a much better test, because it's doing what I suggested: sending an IPv6 packet, and seeing if it gets through. You're still subject to possible shenanigans like traffic filtering which might block ICMPv6 ECHOs but allow TCPv6 through.

...and by the way, I'm not sure you can say the DNS is "broken" -- it may be in the case of OpenDNS, but I can definitely picture local DNS administrators implementing a staged IPv6 rollout by having some default IPv4 address returned when a DNS query otherwise only yields AAAA records, and then having a host on that IPv4 address that says "Sorry, you can't access that IPv6 site" or something to that effect.

# host ipv6.google.com
ipv6.google.com is an alias for ipv6.l.google.com.
ipv6.l.google.com has IPv6 address 2001:4860:c004::68

# host www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 66.102.11.99
www.l.google.com has address 66.102.11.104
www.l.google.com has IPv6 address 2001:4860:c004::68

:)

Maybe, but it is a difficult sell to customers. They will want to know what ipv6 enables them to do that they can't do at the moment. Being able to visit ipv6.google.com and do exactly the same things that they can do on www.google.com at the moment, and being able to see a dancing turtle at www.kame.net isn't really going to seal the deal.

Except that, if this relies on customers making a decision, it's dead.

Modern computers support IPv6. Modern consumer-level routers don't necessarily (mine doesn't), so the connectivity provider needs to provide and/or recommend equipment that does. Provide connection instructions that start up both IPv4 and IPv6. Leave the customer out of it, since 99% of customers don't know what IP is in the first place.

Except that, if this relies on customers making a decision, it's dead.

Modern computers support IPv6. Modern consumer-level routers don't necessarily (mine doesn't), so the connectivity provider needs to provide and/or recommend equipment that does. Provide connection instructions that start up both IPv4 and IPv6. Leave the customer out of it, since 99% of customers don't know what IP is in the first place.

If the customer really, really wants to know what is the advantage for him.. the simple answer is continued access to the internet.

There is no "selling point". The move to IPv6 will be transparent to Joe Sixpack pr0n downloader/web browser/emailer, and Grandma Moses. The move is required in order for them to stay in business, and provide services to their customers. It's that simple.

There is no "selling point". The move to IPv6 will be transparent to Joe Sixpack pr0n downloader/web browser/emailer, and Grandma Moses. The move is required in order for them to stay in business, and provide services to their customers. It's that simple.

In more ways than you might expect. Enabling ipv6 with something like Teredo on Windows can accidentally provide a nice backdoor through your router, and firewall. Most of the personal firewall software on the market does absolutely nothing with ipv6. You might find out the hard way that setting up ipv6 exposes your computer to a lot more than you realize.

Luckily, the same software on your PC doesn't listen on IPv6 in the first place, so it doesn't really matter that your box is v6 accessible.

Huh? Most of the Microsoft services listen just fine on ipv6. Are you comfortable with anyone on the ipv6 internet being able to hit your netbios ports? Even Microsoft points out ipv6 tunneling as a security risk and recommends blocking Teredo traffic at the network boundary. http://technet.microsoft.com/en-us/library/bb726956.aspx [microsoft.com]
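The 6to4 and Teredo tunnelling discussed in the comments above leaves a visible trace in the address itself, which gives a defender a simple way to spot tunnelled IPv6 sources in logs. The following is an added example, not part of any comment in this thread: the log format, field names and the Teredo sample (built from documentation-range IPv4 addresses) are constructed, while the 6to4 sample embeds the 17.89.68.239 address quoted earlier.

```python
import ipaddress
import re

# Constructed log format: "<timestamp> <action> src=<addr> dst=<addr> dport=<n>"
SRC_RE = re.compile(r"\bsrc=(\S+)")

# Constructed sample log lines (not from the original page).
LOG = """\
2010-01-28T10:00:01 ACCEPT src=2002:1159:44ef:1::10 dst=2001:4860:c004::68 dport=80
2010-01-28T10:00:02 ACCEPT src=2001:558:1002:5:68:87:64:59 dst=2001:4860:c004::68 dport=80
2010-01-28T10:00:03 ACCEPT src=2001:0:c000:201:0:63bf:34ff:8efa dst=2001:db8::1 dport=445
2010-01-28T10:00:04 ACCEPT src=192.0.2.77 dst=198.51.100.9 dport=443
"""


def classify(text):
    """Return (kind, details) for one address string.

    kind is one of: invalid, ipv4, 6to4, teredo, native.
    """
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return ("invalid", {})
    if addr.version == 4:
        return ("ipv4", {})
    # 6to4: 2002::/16, the next 32 bits are the tunnel endpoint's IPv4 address.
    if addr.sixtofour is not None:
        return ("6to4", {"embedded_ipv4": str(addr.sixtofour)})
    # Teredo: 2001:0000::/32, then server IPv4, flags, and the client's
    # external UDP port and IPv4 address, both stored bit-inverted.
    if addr.teredo is not None:
        server, client = addr.teredo
        port = ((int(addr) >> 32) & 0xFFFF) ^ 0xFFFF
        return ("teredo", {"server": str(server),
                           "client_ipv4": str(client),
                           "client_port": port})
    return ("native", {})


def scan(lines):
    """Return (line_number, source, kind, details) for tunnelled sources."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = SRC_RE.search(line)
        if not match:
            continue
        kind, details = classify(match.group(1))
        if kind in ("6to4", "teredo"):
            findings.append((number, match.group(1), kind, details))
    return findings


if __name__ == "__main__":
    for number, source, kind, details in scan(LOG.splitlines()):
        print(f"line {number}: {source} is {kind} {details}")
```
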

It allows multiple clients to have their own IP addresses. Which means that you don't have any limitations you have with IPv4 while hosting stuff (bittorrent, games). If your router supports IPv6 of course, but I don't think that network appliances are the problem. Things like mobile devices (for which IPv6 would be great) are more likely to suffer because of lacking IPv6 support.

Having IPv6 doesn't mean that your v4 devices are going to stop working. They'll still be able to make outgoing v4 connections even when every consumer network is double-NAT'd. Most of these can then continue functioning via gateways even if the rest of the world is v6-only. You can, for example, run an IPv4 web proxy which forwards connections to IPv6 web servers. I don't think there are consumer-grade things that do this yet, but you can already get routers that handle external NAT, so IPv6 addresses

I was part of the team that wrote the IPv6 portion of the DOCSIS 3.0 specs. Although DOCSIS 3.0 added a huge number of features, the two that the cable companies were most desperate for were channel bonding (so they could compete with fiber) and IPv6 support.

IPv6 has been in internal testing with major cable operators for several years now. Comcast was always likely to be the first to deploy it (for reasons that I can't go into) but I expect the other major operators to follow suit within a year or two.

I'm sure I remember hearing a while back that a big American cable provider had run out of private IPs for cable boxes etc and were now using public IPs for new ones. Was it Comcast? If so that would be a very powerful reason to want ipv6 support on the network before v4 addresses ran out.

I'm impressed that Comcast is talking about its trials publicly and engaging customers. Many service providers run stuff in private, don't tell their guinea pigs, I mean customers that they experiment on, and then just select whatever seemed convenient for the service provider. Engaging people in trials like this seems win/win for the customers and service providers.

This is a good thing, but let's not forget how Comcast continually raped their customers and fought for a closed internet. I urge you not to give them too much credit. If nothing else it is nice to know that they are perhaps not *pure* evil.

For what it's worth, I signed up for the trial. Despite the level-1 tech support's crappiness, and the relative overpricing of their services, Comcast's network department does a pretty good job on the backend. Our area has gone from 3mbps to 16mbps (with a 50mbps tier available) in 8 years, and has already completed the analog reclamation process in our area. Good on them for getting a head start on IPv6.

I presume they are going to want to do end-to-end IPv6 eventually, instead of assigning a single IPv6 address to my modem, and then continuing to use IPv4 NAT behind it. However, if they are going to do that, several things are going to have to change:

1. Router default settings will have to change. Out of the box, most home routers use NAT by default, and, since most people don't change the settings (based on the number of 2WIRE### SSIDs broadcast to my house), they'll have to redo them for IPv6.

2. Auto discovery services will have to get better. I can say, categorically, that OS X is better than Windows and Linux at automatically finding nearby machines and devices that do not have a static IP/DNS A record assigned to them. The other 2 OSes will have to catch up, because, while a quartet of triplets is annoying but manageable to type, an IPv6 address will be a bear to copy down.

3. A debate between static and dynamic IP addresses will have to take place. Ideally, a device would get a static IPv6 address assigned to it and keep it forever, no matter where it roamed and went. It'd be akin to a routable MAC address. However, if we do that, we'll run out of IPv6 addresses more quickly (though still not fast), since things like phones get recycled fairly frequently. But there are several obvious downsides to continuing to use totally dynamic IPs.

Finally, as an aside, it's interesting to me, at least, how Apple Airport Base Stations do IPv6 routing automatically via a tunnel provider (as another commenter noted). Comcast doesn't support any IPv6, but when I'm connected to my router at home I get full IPv6 support transparently. Apple doesn't even mention this as a feature on the box, and it's not highly configurable either. So why did they spend all the effort to get it that way? Are they trying to stay so far ahead of the IPv6 curve no one will ever complain they're behind?

I can say, categorically, that OS X is better than Windows and Linux at automatically finding nearby machines and devices that do not have a static IP/DNS A record assigned to them.

That would be strange, since Linux uses exactly the same system as OS X (mDNS) for advertising local machines and services. You didn't disable the Avahi daemon, did you? It's generally enabled by default in new installations. You should be able to refer to any Linux machine on your local network as hostname.local, just as with OS X.

Windows is a bit behind on native support, of course, but you can install Apple's Bonjour for Windows [apple.com] software to get the same effect.

Ideally, a device would get a static IPv6 address assigned to it and keep it forever, no matter where it roamed and went

Why? What problem does this solve? You should be advertising machines via DNS, not by their IP address. If you move to another network, you update the DNS entry. If you're talking about mobile devices roaming between networks then I suggest that you look at Mobile IPv6. This uses IPsec (optional in IPv4, a required bit of IPv6) to update the routing tables when the machine migrates. If you have a Mobile IPv6 address, you can move the machine between networks without dropping connections. Making this

Contact your ISP for information on how they'll implement and deploy IPv6. There's an incorrect assumption that customers MUST be given static IPs, or netblocks simply because there's so many available IPs. Only your ISP can decide that. You can bet if they can "sell" IPs as static for an additional fee, they will. Same for netblocks.

That's not to say they can't use DHCPv6. From what I've heard, a lot of organizations have opted for DHCPv6 instead of stateless auto-configuration because the network admins get the warm fuzzies from having logs of everything. Who knows, there might even be legal ramifications (if the MPAA has anything to say about it?) for ISPs that don't keep logs about who's assigned what?

Maybe I'm missing something but shouldn't you be able to just share the prefix and other configuration data using radvd/rtadvd and then use your switches to determine the MAC and thus also IPv6 address of all IPv6-enabled hosts on your network? To me it seems straightforward but maybe I'm missing something here...

Basically, with IPv4, if you have a dynamic address (say 5.6.7.8), and then your connection drops out, and now you are a different address (say 5.8.7.6), then the machines behind your NAT aren't affected, because they're still using a 192.168.0.x 192.168.0.1 gateway thingy.

But in IPv6, what subnet your ISP allocates you (e.g. 2001:db8:1:5678::/64) influences what machines in your LAN (i.e. what would be behind your IP

Your ISP can easily protect you from IPv6 by giving you a NAT router, or you can get one yourself. As IPv6 gets rolled out, I expect more and more IPv6 to IPv4 NAT routers will become popular.

You ask for www.google.com, your computer does an IPv4 lookup to the router, the router translates that to an IPv6 lookup, caches the IPv6 address, and returns a valid-looking IPv4 address to your computer. When you ask for that IPv4 address, the router knows what IPv6 address it has associated with it and handles th

Depressingly, the grandparent isn't an idiot. This actually was the reason that a lot of corporate networks stayed with v4 for so long, and the v6 to v4 NAT arrangement was only finalised about a year ago. The main reason for it was printers. Lots of corporate networks contain network printers that only support IPv4. If you switch the network to v6, then you either need to upgrade the printers (expensive) or provide some hack to connect to them. Another issue was CCTV cameras. Lots of companies have I

The problem with this proposal is that the ipv4 header is fixed in format and size. To support such an extensible addressing scheme would break ipv4 in at least as many ways as IPv6 will. IPv6, by the way, has an extension header mechanism, so it could, theoretically, have an extensible addressing system like what you describe (and you wouldn't even need to have multiple ports along the way). Supporting it would still require firmware updates to the routers, but it would not break any existing ipv6 conne

Note that IPv6 wants sparse hierarchical addressing, doesn't like routing packets to subnets smaller than a /64 and requires some ranges reserved for things like 6to4 and multicast. In practice, we only really have enough IPv6 addresses for everyone on the planet to have a few tens of thousands of devices, depending on the network topology.